From c75a08a749718fc5ef25f8c2f826939be657c0bf Mon Sep 17 00:00:00 2001 From: Daniel Silverthorn Date: Thu, 4 May 2017 13:08:13 -0400 Subject: Initial search service commit Changing common logging dep Change-Id: I454697a9df0ee63f43d7b7d2a3818fe2d9b7bcf2 Signed-off-by: Daniel Silverthorn --- .../openecomp/sa/auth/SearchDbServiceAuthCore.java | 256 +++++++++++++++++++++ 1 file changed, 256 insertions(+) create mode 100644 src/main/java/org/openecomp/sa/auth/SearchDbServiceAuthCore.java (limited to 'src/main/java/org/openecomp/sa/auth/SearchDbServiceAuthCore.java') diff --git a/src/main/java/org/openecomp/sa/auth/SearchDbServiceAuthCore.java b/src/main/java/org/openecomp/sa/auth/SearchDbServiceAuthCore.java new file mode 100644 index 0000000..b0d823a --- /dev/null +++ b/src/main/java/org/openecomp/sa/auth/SearchDbServiceAuthCore.java @@ -0,0 +1,256 @@ +/** + * ============LICENSE_START======================================================= + * Search Data Service + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. + * Copyright © 2017 Amdocs + * All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License ati + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * ECOMP and OpenECOMP are trademarks + * and service marks of AT&T Intellectual Property. + */ +package org.openecomp.sa.auth; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.json.simple.parser.JSONParser; +import org.json.simple.parser.ParseException; +import org.openecomp.cl.api.Logger; +import org.openecomp.cl.eelf.LoggerFactory; +import org.openecomp.sa.searchdbabstraction.util.SearchDbConstants; + +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Timer; + +public class SearchDbServiceAuthCore { + + private static Logger logger = LoggerFactory.getInstance() + .getLogger(SearchDbServiceAuthCore.class.getName()); + + private static String GlobalAuthFileName = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME; + + private static enum HTTP_METHODS { + POST, GET, PUT, DELETE + } + + ; + + // Don't instantiate + private SearchDbServiceAuthCore() { + } + + private static boolean usersInitialized = false; + private static HashMap users; + private static boolean timerSet = false; + private static Timer timer = null; + + public synchronized static void init() { + + + SearchDbServiceAuthCore.getConfigFile(); + SearchDbServiceAuthCore.reloadUsers(); + + } + + public static void cleanup() { + timer.cancel(); + } + + public static String getConfigFile() { + if (GlobalAuthFileName == null) { + String nc = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME; + if (nc == null) { + nc = "/home/aaiadmin/etc/aaipolicy.json"; + } + + GlobalAuthFileName = nc; + } + return GlobalAuthFileName; + } + + public synchronized static void reloadUsers() { + users = new HashMap(); + + + ObjectMapper mapper = new ObjectMapper(); // can reuse, share globally + JSONParser parser = new JSONParser(); + try { + Object obj = parser.parse(new FileReader(GlobalAuthFileName)); + // aailogger.debug(logline, "Reading from " + GlobalAuthFileName); + JsonNode rootNode = mapper.readTree(new File(GlobalAuthFileName)); + JsonNode rolesNode = rootNode.path("roles"); + + for (JsonNode roleNode : rolesNode) { + String roleName = roleNode.path("name").asText(); + + TabularAuthRole authRole = new TabularAuthRole(); + JsonNode usersNode = roleNode.path("users"); + JsonNode functionsNode = roleNode.path("functions"); + for (JsonNode functionNode : functionsNode) { + String function = functionNode.path("name").asText(); + JsonNode methodsNode = functionNode.path("methods"); + boolean hasMethods = false; + for (JsonNode methodNode : methodsNode) { + String methodName = methodNode.path("name").asText(); + hasMethods = true; + String thisFunction = methodName + ":" + function; + + authRole.addAllowedFunction(thisFunction); + } + + if (hasMethods == false) { + // iterate the list from HTTP_METHODS + for (HTTP_METHODS meth : HTTP_METHODS.values()) { + String thisFunction = meth.toString() + ":" + function; + + authRole.addAllowedFunction(thisFunction); + } + } + + } + for (JsonNode userNode : usersNode) { + // make the user lower case + String username = userNode.path("username").asText().toLowerCase(); + SearchDbAuthUser authUser = null; + if (users.containsKey(username)) { + authUser = users.get(username); + } else { + authUser = new SearchDbAuthUser(); + } + + + authUser.setUser(username); + authUser.addRole(roleName, authRole); + users.put(username, authUser); + } + } + } catch (FileNotFoundException fnfe) { + logger.debug("Failed to load the policy file "); + + } catch (ParseException e) { + logger.debug("Failed to Parse the policy file "); + + } catch (JsonProcessingException e) { + logger.debug("JSON processing error while parsing policy file: " + e.getMessage()); + + } catch (IOException e) { + logger.debug("IO Exception while parsing policy file: " + e.getMessage()); + } + + usersInitialized = true; + + } + + public static class SearchDbAuthUser { + public SearchDbAuthUser() { + this.roles = new HashMap(); + } + + private String username; + private HashMap roles; + + public String getUser() { + return this.username; + } + + public HashMap getRoles() { + return this.roles; + } + + public void addRole(String roleName, TabularAuthRole authRole) { + this.roles.put(roleName, authRole); + } + + public boolean checkAllowed(String checkFunc) { + for (Map.Entry roleEntry : this.roles.entrySet()) { + TabularAuthRole role = roleEntry.getValue(); + if (role.hasAllowedFunction(checkFunc)) { + // break out as soon as we find it + return true; + } + } + // we would have got positive confirmation had it been there + return false; + } + + public void setUser(String myuser) { + this.username = myuser; + } + + } + + public static class TabularAuthRole { + public TabularAuthRole() { + this.allowedFunctions = new ArrayList(); + } + + private List allowedFunctions; + + public void addAllowedFunction(String func) { + this.allowedFunctions.add(func); + } + + public void delAllowedFunction(String delFunc) { + if (this.allowedFunctions.contains(delFunc)) { + this.allowedFunctions.remove(delFunc); + } + } + + public boolean hasAllowedFunction(String afunc) { + if (this.allowedFunctions.contains(afunc)) { + return true; + } else { + return false; + } + } + } + + public static HashMap getUsers(String key) { + if (!usersInitialized || (users == null)) { + reloadUsers(); + } + return users; + } + + public static boolean authorize(String username, String authFunction) { + // logline.init(component, transId, fromAppId, "authorize()"); + + if (!usersInitialized || (users == null)) { + init(); + } + if (users.containsKey(username)) { + if (users.get(username).checkAllowed(authFunction) == true) { + + return true; + } else { + + + return false; + } + } else { + + return false; + } + } +} -- cgit 1.2.3-korg